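<?php
/*
 * Comment submission endpoint.
 *
 * Flow: verify the Securimage CAPTCHA, validate the article id taken from the
 * query string, confirm the article exists, then store the posted comment in
 * `commenti` and redirect the browser back to the index page.
 *
 * NOTE(review): the script depends on the legacy mysql_* extension, which no
 * longer exists in PHP 7+. connect.php is not visible from here, so the
 * driver is left unchanged; migrating it together with this file to
 * PDO/mysqli prepared statements would remove the need for manual escaping.
 */

require_once './../plugin/securimage/securimage.php';

// Check the CAPTCHA first so that automated submissions are turned away
// before any database connection or query is made.
$securimage = new Securimage();
$captcha_code = (isset($_POST['captcha_code']) && is_string($_POST['captcha_code']))
    ? $_POST['captcha_code']
    : '';
if ($securimage->check($captcha_code) == false) {
    echo '<script language=javascript>
            document.location.href="./../captcha_error.php"
        </script>';
    exit;
}

// The id is interpolated into SQL below, so accept plain decimal digits only.
// is_numeric() alone also lets through forms such as "1e3", "+1" or " 1".
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (!is_string($id) || preg_match('/\A[0-9]+\z/', $id) !== 1) {
    header('HTTP/1.1 400 Bad Request');
    exit('Articolo non valido.');
}

// Connect unconditionally: the escaping calls and the INSERT below need the
// link. presumably connect.php defines $conn, as the INSERT call relies on
// it - confirm.
require 'connect.php';

$sql = "SELECT id FROM articoli WHERE id='$id'";
$query = mysql_query($sql, $conn);
if ($query === false) {
    // Keep driver error text in the server log; it can reveal schema details.
    error_log('Article lookup failed: ' . mysql_error($conn));
    header('HTTP/1.1 500 Internal Server Error');
    exit('Errore nella query.');
}

$row = mysql_fetch_array($query);
if ($row === false) {
    // Never store a comment that points at a non-existent article.
    header('HTTP/1.1 404 Not Found');
    exit('Articolo non trovato.');
}
$com_art = (int) $row['id'];

// Missing or non-string fields (e.g. com_nome[]=x) are treated as empty text
// instead of raising notices or passing an array to htmlspecialchars().
$com_nome = (isset($_POST['com_nome']) && is_string($_POST['com_nome'])) ? $_POST['com_nome'] : '';
$com_email = (isset($_POST['com_email']) && is_string($_POST['com_email'])) ? $_POST['com_email'] : '';
$com_text = (isset($_POST['com_text']) && is_string($_POST['com_text'])) ? $_POST['com_text'] : '';

// Values are HTML-encoded at write time, then escaped for the SQL string.
// NOTE(review): pages that render these columns presumably print them as-is;
// confirm they neither double-encode nor place them inside single-quoted
// attributes, since the default flags before PHP 8.1 leave ' unencoded.
// NOTE(review): mysql_real_escape_string() is only reliable when the
// connection charset was set with mysql_set_charset() - verify in connect.php.
$com_nome = mysql_real_escape_string(htmlspecialchars($com_nome), $conn);
$com_email = mysql_real_escape_string(htmlspecialchars($com_email), $conn);
$com_text = mysql_real_escape_string(htmlspecialchars($com_text), $conn);
$com_data = date("d/m/y - H:i");

$sql = "INSERT INTO commenti (com_art,com_nome,com_email,com_text,com_data) VALUES ('$com_art', '$com_nome','$com_email','$com_text','$com_data')";
$result = mysql_query($sql, $conn);
if ($result === false) {
    error_log('Comment insert failed: ' . mysql_error($conn));
    header('HTTP/1.1 500 Internal Server Error');
    exit('Errore nella query.');
}

echo '
        <script language=javascript>
            document.location.href="./../index.php" 
        </script>
        ';
?>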